Rock U - People - Account Protection Profiles

Transcribed Video Content

It's unfortunate, but there are people out there who will make malicious attempts to hijack certain Rock accounts and potentially use them to do harm. It's happened. That's why we put a lot of thought and effort into systems that can protect certain accounts from hijack attempts. And in this video, we'll go over those systems and how they're used to secure accounts. We'll start with the person profile page. This is where you can see the account protection profile for an individual. So in this case, Ted Decker's protection profile is extreme, and so is Cindy's. And we're gonna go over how those protection profiles are accounted for, but this is how you can view them for an individual. Or for a different example, we can pull up someone else Sam Hanks and see his protection profile is medium. All of these protection profiles are driven by settings that are under admin tools and security and then security settings. So here at the top or near the top, you can see the four different account protection profile levels. We saw an example of medium and extreme. And you can see what the criteria are for each of these items listed below. So you can tell exactly how a a person would get assigned one of these account protection profile levels. Also on this page, you can disable duplicate checking for the following protection profiles. That means, in this case, , with the standard out of the box configuration, that duplicate checking will be disabled for people who are in a medium, high, or extreme protection profile level. That means that in cases where normally where Rock would check for a duplicate and and maybe say, hey, is this you? Instead, a duplicate record is just gonna get created. This does result in more duplicates, but it does keep existing accounts safe. You can't have good security and no duplicates. It's just a consequence of having tight security. Down below the duplicate checking settings, you can specify for people with certain account protection profiles what role does a person need to have in order to merge those records? So if you're dealing with somebody who has a high or extreme account protection profile level, you want to narrow down which staff are able to perform those types of merges. And this is where you set what security roles are allowed to merge records where at least one of the profiles is high or extreme. And we'll show you an example of that coming up. Down at the bottom, we have the option to disable the use of personal tokens for the following account protection profiles. And out of the box, that's set to just extreme. This means that person tokens can't be generated. So, , maybe a link in an email or something that, wouldn't work because we wouldn't want somebody to click on a link in an email and then become a person with an extreme protection profile. It also means that you can't impersonate that person. So if you have impersonation enabled, you won't be able to impersonate somebody with an extreme protection profile, again, the out of the box configuration. There is a job behind these settings that uses these settings to apply account protection profile levels to individuals. That's the, process elevated security job that uses these settings. If you don't have any account protection profiles associated with any records in your system, it probably means that that job needs to run. So you might notice that the high and extreme protection profiles have a criteria that you get assigned one of these protection profile levels if you're in security role marked with either high or extreme elevated security. So, let's take a look at that by going to admin tools, security, and then security roles. And you can see here, that the elevated security level for each role is displayed right here on the screen, so you can see whether each role is extreme or high. You can click on a role to edit it. And under the general settings, this is where you'll set the elevated security level for the role, either none, high, or extreme. And, again, anybody in that role, in this case, because it's marked as extreme, would then have an account protection profile of extreme. So now let's take a look at what you can expect to see when you go to merge a record that has, an an elevated protection profile security level. As an admin, you can still do the merge because that's how we have it set up on our security page settings that we just saw. But you will be notified that one or more of these records is a member of a security role with elevated privileges. So that's a little warning to you that, hey, before you go through and merge these accounts, make sure that, , that this is legit and what you actually wanna do. And and you wanna make sure that they're actually the same person and not the result of potentially an account hijack attempt. For comparison purposes, if you were to try to merge a record, but you didn't have the appropriate security role that's needed according to your security settings that we just saw, you'll get a message that says, , a record on this merge request has an account protection profile of extreme. And then it tells you this will require an individual in the RSR Rock administration role to perform the merge. So in this cases in this case, the merge can't be performed because the person doing the merge doesn't have the specified security role that's needed to merge records where at least one of the records has an account protection profile of extreme. For more information on account protection profiles, you can check out the, person and family field guide as well as the RockAdmin hero guide, those manuals that are posted online to our community website. And just remember that the out of the box configuration for the security settings for account protection profiles are what we recommend for maximum security. So be sure and think through carefully if you're gonna be changing any of those settings. Thanks for watching.